skills/olorehq/olore/build-docs/Gen Agent Trust Hub

build-docs

Warn

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The bash scripts scripts/github.sh and scripts/url.sh construct file system paths using the $version_label argument derived from user input without validation. This allows for potential path traversal, as operations like rm -rf and mkdir -p are performed on paths like vault/packages/$name/$version_label. An attacker could potentially delete or overwrite files outside the intended directory by providing a manipulated version string (e.g., ../../).
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from external GitHub repositories and URLs using git and curl based on configurations in the vault/configs/ directory. This is used to retrieve documentation that is later processed into new agent skills.
  • [PROMPT_INJECTION]: The skill generates new SKILL.md files from downloaded documentation, creating a surface for Indirect Prompt Injection.
      • Ingestion points: External markdown files are downloaded into vault/packages/{name}/{version}/contents/ via scripts/github.sh and scripts/url.sh.
      • Boundary markers: None. The skill does not use delimiters or specific instructions to ignore embedded commands in the source documentation when generating new skill definitions.
      • Capability inventory: The skill uses subagents to create new SKILL.md files and provides commands (olore link, olore install) to activate the generated skills in the agent context.
      • Sanitization: No sanitization or filtering is performed on the downloaded content before it is incorporated into the generated skill files, which could allow malicious instructions in the source documentation to compromise the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 23, 2026, 03:52 PM